CVE-2023-42961

Published: Apr 11, 2025Modified: Apr 21, 2025

6.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability: 2.8 / Impact: 3.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. A sandboxed process may be able to circumvent sandbox restrictions.

Affected (4)

Products: Apple: Ipados, Iphone Os, Macos

3 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 16.7

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Before 16.7

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Apple Macos	From 12.0 to 12.7
Apple Macos	From 13.0 to 13.6

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (5)

https://support.apple.com/en-us/120328

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/120329

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/120337

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/120949

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/120950

Source: product-security@apple.com

Vendor Advisory

Timeline

No history available yet.